

Messages - Greenhill


I have tried setting up pfSense using the guide below, but I'm not able to get it to work:

I'm installing this on my Hyper-V host, which is running Server 2012 Core. It has 2 NICs: one on board, which I'm using for host connectivity (the host also runs as domain controller / DNS / DHCP). The other NIC is an Intel i350 with 2 ports; I'm using 1 port for LAN on pfSense and the other for WAN.

The guide says I need 2 virtual switches: 1 internal for the LAN and 1 external for the WAN, with the checkbox "Allow management operating system to share this network adapter" disabled.

So I created both switches, connected LAN to the LAN interface on pfSense and WAN to the WAN interface. I set up an IP on the LAN virtual switch in the same subnet as my physical LAN, which is 172.28.57.x / 24. All my physical devices are on this subnet (including the Hyper-V host machine on the 3rd NIC). The WAN side is on 192.168.2.x / 24. The LAN interface on pfSense is also set up to be in the same subnet as my physical computers, 172.28.57.x / 24; WAN is on 192.168.2.x / 24. I'm aware that with an internal virtual switch type I will not be able to bind it to the physical LAN port on my i350, so I am really asking myself how this can be set up to work using an internal VM switch.

Following this guide, I'm not able to get any connectivity from my physical LAN to pfSense and out to the internet, but I can ping websites from pfSense (connectivity does work between VMs and the host machine). How can I set up Hyper-V and pfSense using an internal VM switch to connect to my physical LAN? Am I missing some kind of routing configuration in pfSense to make this work as described in the guide?

My reason for trying to set it up using this guide is that I think the traffic going over my physical LAN is not all being handled by pfSense; I think some of the traffic is going around pfSense (in short, it's not isolated). I noticed this in the monitoring I have set up. Copying files from one computer to another isn't going through the firewall, which is logical, while copying from one VM to another VM all goes through pfSense, and I would like to have the same results for traffic on my physical LAN as well. I would like to have pfSense handle all traffic so I know what is going on in the network.

Maybe I need some kind of DMZ setup with pfSense to be able to isolate all traffic?

interface:WAN -> Interface:PFSENSE(DMZ)
                                                             |-> Interface:VMLAN ?
                                                             |-> Interface:LAN ?

If so, how would I set this up ?

Thanks in advance!

Firewalling / Can't figure out how to block on LAN
« on: February 18, 2018, 11:39:34 am »

I am having trouble blocking some applications on my LAN. For example, I have a Plex server installed which I want to allow only for a few hosts set up in an alias.

I have set up the alias and added the IP addresses. To block this I'm trying to use floating rules. I have a WAN/LAN/VPN interface on my pfSense.

The rule I set up looks like this:

Action: block
Interface: LAN
Direction: any
Proto: TCP
Source: ComputerAlias
Port: any
Destination: plexserver

I have enabled "apply directly on match" for all my rules.

This obviously didn't work, because I noticed the outgoing IP to my Plex server is not any of the hosts I set up in the alias; it is passing out through the LAN address of the firewall / LAN gateway address. It seems to only communicate between those 2 IPs, which leaves me no room to block any hosts using an alias from accessing it: either you have a connection or no one has.

How can I get around this and use an alias to block?
I also have the same problem with RDP; I cannot block it (not for specific hosts; I can block it in general, but that's not what I'm looking for).

Does anyone have any ideas on how to block connections using aliases on a LAN interface?

IDS/IPS / Re: Taming the beasts... aka suricata blueprint
« on: August 10, 2017, 04:17:46 pm »

I'm a bit confused by the setup. Can someone explain how this can work with a floating rule with quick action? Won't that stop processing rules on groups/interfaces as soon as it matches? How can I make pfSense process rulesets with quick enabled after it matches on a floating rule?
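The question above and the earlier "Can't figure out how to block on LAN" post both come down to the order in which pfSense (pf) evaluates rules: floating rules are evaluated first, then the rules on the interface the packet arrives on; a rule with "Apply the action immediately on match" (quick) ends evaluation as soon as it matches, and among rules that are not quick the last match wins. The following is an added example, not code from the forum posts or from pfSense: a small Python model of that evaluation order. The aliases, addresses and Plex port 32400 used below are constructed for the example (two client hosts and a Plex server placed in the 172.28.57.0/24 subnet the posts mention); the stock "Default allow LAN to any" rule is modelled as a quick pass rule, which is how interface-tab rules behave. One caveat a practitioner should keep in mind: the model, like the firewall, only sees packets that actually pass through pfSense; two hosts on the same LAN segment talking to each other directly are switched and never evaluated by any rule.

```python
"""Toy model of pfSense/pf rule evaluation order.

Added example (not pfSense code): floating rules are evaluated before the
interface's own rules, a rule marked quick ends evaluation on first match,
and among non-quick rules the last matching rule wins.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Rule:
    action: str                  # "pass" or "block"
    quick: bool                  # "Apply the action immediately on match"
    iface: Optional[str] = None  # None = floating rule on any interface
    direction: str = "any"       # "in", "out" or "any"
    proto: str = "any"           # "tcp", "udp" or "any"
    src: list = field(default_factory=list)  # CIDR list, empty = any
    dst: list = field(default_factory=list)  # CIDR list, empty = any
    dport: Optional[int] = None  # None = any destination port


def _addr_in(addr, nets):
    return not nets or any(ip_address(addr) in ip_network(n) for n in nets)


def rule_matches(r, pkt):
    return ((r.iface is None or r.iface == pkt["iface"])
            and (r.direction == "any" or r.direction == pkt["direction"])
            and (r.proto == "any" or r.proto == pkt["proto"])
            and _addr_in(pkt["src"], r.src)
            and _addr_in(pkt["dst"], r.dst)
            and (r.dport is None or r.dport == pkt["dport"]))


def evaluate(floating, per_iface, pkt, default="block"):
    """Verdict for pkt: floating rules first, then the rules of the interface
    the packet is seen on. A quick match stops evaluation; otherwise the last
    matching rule decides. Default deny if nothing matches."""
    verdict = default
    for r in list(floating) + list(per_iface.get(pkt["iface"], [])):
        if rule_matches(r, pkt):
            verdict = r.action
            if r.quick:
                break
    return verdict


# Constructed aliases and rules (assumptions for the example, not the poster's).
COMPUTER_ALIAS = ["172.28.57.10/32", "172.28.57.11/32"]
PLEX_SERVER = ["172.28.57.50/32"]
# The floating block rule from the post, once with quick set and once without.
FLOATING_QUICK = [Rule("block", quick=True, iface="LAN", proto="tcp",
                       src=COMPUTER_ALIAS, dst=PLEX_SERVER)]
FLOATING_NOQUICK = [Rule("block", quick=False, iface="LAN", proto="tcp",
                         src=COMPUTER_ALIAS, dst=PLEX_SERVER)]
# Stock "Default allow LAN to any" rule; interface-tab rules are always quick.
LAN_RULES = {"LAN": [Rule("pass", quick=True, iface="LAN")]}


def pkt(src, dst, dport=32400, proto="tcp", iface="LAN", direction="in"):
    """A packet as the firewall sees it: constructed sample input."""
    return {"src": src, "dst": dst, "dport": dport, "proto": proto,
            "iface": iface, "direction": direction}


def demo():
    """Verdicts for a few constructed packets."""
    plex = "172.28.57.50"
    return {
        # alias member -> Plex: quick floating block matches and ends evaluation
        "quick_alias_host": evaluate(FLOATING_QUICK, LAN_RULES, pkt("172.28.57.10", plex)),
        # host outside the alias: floating rule skipped, LAN pass rule applies
        "quick_other_host": evaluate(FLOATING_QUICK, LAN_RULES, pkt("172.28.57.20", plex)),
        # same packet, floating rule not quick: the later LAN pass rule wins
        "noquick_alias_host": evaluate(FLOATING_NOQUICK, LAN_RULES, pkt("172.28.57.10", plex)),
        # UDP does not match the TCP-only block rule
        "quick_alias_udp": evaluate(FLOATING_QUICK, LAN_RULES, pkt("172.28.57.10", plex, proto="udp")),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

Running it shows the alias member blocked only when the floating rule is quick; without quick, the matching interface pass rule that comes later overrides the floating block, which is exactly why a quick floating rule prevents any later group or interface rule from being consulted for that packet.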

IDS/IPS / Suricata rule actions
« on: August 07, 2017, 12:36:18 pm »

I installed Suricata on pfSense yesterday and clicked all night to set the rule actions to drop for the rules I want. Today I was checking the rules again, and after the rule update they all got their default action "alert" back... Is there a simple, fast way to set the rules to "drop" again without having to manually click through all of them again?
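Rule updates replace the downloaded rule files, so any per-rule action set by hand in the downloaded files is lost; the pfSense Suricata package addresses this with its SID Mgmt tab, where a list of SIDs to force to drop is re-applied after every update, and that is the place to look first if your package version has it. As an added, stand-alone illustration of what such a re-application does (this is example code, not part of the pfSense Suricata package), here is a Python script that takes a kept list of SIDs and rewrites the matching rules in a rules file from alert to drop, leaving commented-out rules and rules that are already drop untouched. The sample rules and the drop list are constructed; the list format (one `sid` or `gid:sid` per line, `#` comments allowed) is an assumption of the example.

```python
"""Re-apply a kept drop list to a Suricata rules file after an update.

Added example, not code from the pfSense Suricata package. Rules whose SID
(and GID, default 1) appears in the list get their action rewritten to
'drop'; commented-out rules and rules already set to drop are left as-is.
"""
import re

ACTIONS = {"alert", "drop", "pass", "reject", "rejectsrc", "rejectdst", "rejectboth"}
# action keyword at the start of an enabled rule; "# alert ..." does not match
_RULE_RE = re.compile(r"^(\s*)([a-z]+)(\s.*)$")
_SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
_GID_RE = re.compile(r"\bgid\s*:\s*(\d+)\s*;")


def parse_sid_list(text):
    """Parse a drop list: one 'sid' or 'gid:sid' per line, '#' starts a comment.
    The format is an assumption of this example. Returns a set of (gid, sid)."""
    wanted = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        gid, _, sid = line.rpartition(":")
        wanted.add((int(gid) if gid else 1, int(sid)))
    return wanted


def rule_key(line):
    """(gid, sid) of a rule line, or None if it carries no sid option."""
    sid = _SID_RE.search(line)
    if not sid:
        return None
    gid = _GID_RE.search(line)
    return (int(gid.group(1)) if gid else 1, int(sid.group(1)))


def set_action(rules_text, keys, new_action="drop"):
    """Return (rewritten rules text, number of rules whose action changed)."""
    out, changed = [], 0
    for line in rules_text.splitlines():
        m = _RULE_RE.match(line)
        if m and m.group(2) in ACTIONS and m.group(2) != new_action:
            if rule_key(line) in keys:
                line = m.group(1) + new_action + m.group(3)
                changed += 1
        out.append(line)
    text = "\n".join(out)
    return (text + "\n" if rules_text.endswith("\n") else text), changed


# Constructed sample rules and drop list (not a real ruleset).
SAMPLE_RULES = """\
# constructed sample rules, not a real ruleset
alert tcp $HOME_NET any -> $EXTERNAL_NET 4444 (msg:"constructed rule 1"; sid:9000001; rev:1;)
alert udp any any -> any 53 (msg:"constructed rule 2"; sid:9000002; rev:2;)
# alert tcp any any -> any 23 (msg:"disabled rule"; sid:9000003; rev:1;)
drop tcp any any -> any 6667 (msg:"already drop"; sid:9000004; rev:1;)
alert ip any any -> any any (msg:"different gid"; gid:3; sid:9000001; rev:1;)
"""
DROP_LIST = """\
9000001        # gid defaults to 1
1:9000002
9000003        # disabled rule: stays commented out
9000004        # already drop: not counted as a change
"""


def demo():
    """Rewrite the constructed rules; returns (new text, changed count)."""
    return set_action(SAMPLE_RULES, parse_sid_list(DROP_LIST))


if __name__ == "__main__":
    text, n = demo()
    print(text, end="")
    print(f"# {n} rule(s) switched to drop")
```

In practice the drop list is the file you keep, and the script (or the package's own SID management) is what runs after each rule download; the count it returns is a useful sanity check that an update did not rename or retire the SIDs you rely on, which would silently leave those rules on alert.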
